From ac08d74b8fabe41dffaac4c9d9a83da3c0ebe2e8 Mon Sep 17 00:00:00 2001
From: Patrick Kollitsch <davidsneighbourdev+gh@gmail.com>
Date: Fri, 24 Apr 2026 08:03:05 +0000
Subject: [PATCH] chore: set up branch protection rules and workflows
---
RELEASES.md | 31 +++++++++
.github/rulesets/protect-development.json | 41 +++++++++++++
.github/workflows/branch-protection-main.yml | 25 ++++++++
.github/rulesets/protect-main.json | 38 ++++++++++++
4 files changed, 133 insertions(+), 2 deletions(-)
diff --git a/.github/rulesets/protect-development.json b/.github/rulesets/protect-development.json
new file mode 100644
index 0000000..4e89536
--- /dev/null
+++ b/.github/rulesets/protect-development.json
@@ -0,0 +1,41 @@
+{
+ "id": 15502619,
+ "name": "protect-development",
+ "target": "branch",
+ "source_type": "Repository",
+ "source": "gohugo-ananke/ananke",
+ "enforcement": "active",
+ "conditions": {
+ "ref_name": {
+ "exclude": [],
+ "include": ["refs/heads/development"]
+ }
+ },
+ "rules": [
+ {
+ "type": "deletion"
+ },
+ {
+ "type": "non_fast_forward"
+ },
+ {
+ "type": "pull_request",
+ "parameters": {
+ "required_approving_review_count": 0,
+ "dismiss_stale_reviews_on_push": true,
+ "required_reviewers": [],
+ "require_code_owner_review": false,
+ "require_last_push_approval": false,
+ "required_review_thread_resolution": true,
+ "allowed_merge_methods": ["squash"]
+ }
+ }
+ ],
+ "bypass_actors": [
+ {
+ "actor_id": 17174680,
+ "actor_type": "Team",
+ "bypass_mode": "always"
+ }
+ ]
+}
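Review bot: The `bypass_actors` entry gives the team `"bypass_mode": "always"`, which lets its members push directly to `development` and skip every rule in this ruleset, including `deletion` and `non_fast_forward`. If the goal is only to let maintainers merge without meeting the pull-request requirements, `"bypass_mode": "pull_request"` limits the bypass to changes that still go through a pull request and so leave a record. With `"required_approving_review_count": 0`, nothing in this file requires a second person to look at a change before it lands. Raising it to `1` is worth considering if the team size allows.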
diff --git a/.github/rulesets/protect-main.json b/.github/rulesets/protect-main.json
new file mode 100644
index 0000000..8a1ed17
--- /dev/null
+++ b/.github/rulesets/protect-main.json
@@ -0,0 +1,38 @@
+{
+ "id": 15502478,
+ "name": "protect-main",
+ "target": "branch",
+ "source_type": "Repository",
+ "source": "gohugo-ananke/ananke",
+ "enforcement": "active",
+ "conditions": {
+ "ref_name": {
+ "exclude": [],
+ "include": ["refs/heads/main"]
+ }
+ },
+ "rules": [
+ {
+ "type": "deletion"
+ },
+ {
+ "type": "non_fast_forward"
+ },
+ {
+ "type": "pull_request",
+ "parameters": {
+ "required_approving_review_count": 0,
+ "dismiss_stale_reviews_on_push": false,
+ "required_reviewers": [],
+ "require_code_owner_review": false,
+ "require_last_push_approval": false,
+ "required_review_thread_resolution": false,
+ "allowed_merge_methods": ["merge", "squash", "rebase"]
+ }
+ },
+ {
+ "type": "required_linear_history"
+ }
+ ],
+ "bypass_actors": []
+}
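Review bot: No `required_status_checks` rule appears under `rules`, so the "Require development as source branch" job added in `.github/workflows/branch-protection-main.yml` reports a result but, unless it is made required elsewhere, does not block a merge into `main`. With `"required_approving_review_count": 0`, a pull request from any branch could then be merged despite a failing check. Adding the rule below next to `required_linear_history` would make the check binding; the context string is taken from the job's `name:` in this patch and should be confirmed against what GitHub reports. Separately, `allowed_merge_methods` lists `"merge"` and `"squash"` although `required_linear_history` is set and RELEASES.md describes rebase only, so `["rebase"]` would match the documented flow.

```json
    {
      "type": "required_status_checks",
      "parameters": {
        "strict_required_status_checks_policy": false,
        "required_status_checks": [
          { "context": "Require development as source branch" }
        ]
      }
    }
```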
diff --git a/.github/workflows/branch-protection-main.yml b/.github/workflows/branch-protection-main.yml
new file mode 100644
index 0000000..117f713
--- /dev/null
+++ b/.github/workflows/branch-protection-main.yml
@@ -0,0 +1,25 @@
+name: Validate main branch source
+
+on:
+ pull_request:
+ branches:
+ - main
+
+permissions:
+ contents: read
+ pull-requests: read
+
+jobs:
+ validate-source-branch:
+ name: Require development as source branch
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Validate source branch
+ env:
+ HEAD_REF: ${{ github.head_ref }}
+ run: |
+ if [ "${HEAD_REF}" != "development" ]; then
+ echo "::error::Pull requests into main must come from development. Current source branch: ${HEAD_REF}"
+ exit 1
+ fi
\ No newline at end of file
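Review bot: The "Validate source branch" step compares only `github.head_ref`, which is the bare branch name, so a pull request from a fork whose branch is also called `development` would pass this check. Passing the ref through `env:` instead of interpolating it into the script is the right pattern; extend it with `HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}` and test `if [ "${HEAD_REF}" != "development" ] || [ "${HEAD_REPO}" != "${GITHUB_REPOSITORY}" ]; then`. The job makes no API calls and checks out nothing, so the `contents: read` and `pull-requests: read` grants look unnecessary and `permissions: {}` would be the tighter default. The file also ends without a trailing newline.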
diff --git a/RELEASES.md b/RELEASES.md
index a1d34f3..fb28bea 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -25,13 +25,40 @@
## Branching Model
-### main
+```mermaid
+flowchart LR
+ %% Columns
+ subgraph C1["Release"]
+ MAIN["main"]
+ end
+
+ subgraph C2["Staging"]
+ DEV["development"]
+ end
+
+ subgraph C3["Features, Fixes, Chores"]
+ F1["fix/issue123"]
+ F2["feat/foobar"]
+ F3["chore/dependencies"]
+ FMORE["..."]
+ end
+
+ %% Flow
+ DEV -->|rebase| MAIN
+
+ F1 -->|squash| DEV
+ F2 -->|squash| DEV
+ F3 -->|squash| DEV
+ FMORE --> DEV
+```
+
+### `main`
* Contains only stable, released code
* Updated **only via rebase from `development`**
* Tagged for official releases
-### development
+### `development`
* Acts as staging environment
* Receives all feature and fix changes
--
Gitblit v1.10.0